From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/14716
Path: news.gmane.org!.POSTED.blaine.gmane.org!not-for-mail
From: Rich Felker <dalias@libc.org>
Newsgroups: gmane.linux.lib.musl.general
Subject: Re: Bug report, concurrency issue on exception with gcc 8.3.0
Date: Tue, 24 Sep 2019 19:22:46 -0400
Message-ID: <20190924232246.GS9017@brightrain.aerifal.cx>
References: <20190917134422.aootviums4hdtell@zen.arangodb.com>
 <20190917140227.GW9017@brightrain.aerifal.cx>
 <20190917143510.GX9017@brightrain.aerifal.cx>
 <20190918071931.lkuf45ltcrdrdxjy@zen.arangodb.com>
 <20190918092149.GT22009@port70.net>
 <20190918124551.lsibbaouordfrddv@zen.arangodb.com>
Reply-To: musl@lists.openwall.com
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="7gQyIpR7q4QSXYu+"
Injection-Info: blaine.gmane.org; posting-host="blaine.gmane.org:195.159.176.226";
	logging-data="201337"; mail-complaints-to="usenet@blaine.gmane.org"
User-Agent: Mutt/1.5.21 (2010-09-15)
To: musl@lists.openwall.com
Original-X-From: musl-return-14732-gllmg-musl=m.gmane.org@lists.openwall.com Wed Sep 25 01:23:02 2019
Return-path: <musl-return-14732-gllmg-musl=m.gmane.org@lists.openwall.com>
Envelope-to: gllmg-musl@m.gmane.org
Original-Received: from mother.openwall.net ([195.42.179.200])
	by blaine.gmane.org with smtp (Exim 4.89)
	(envelope-from <musl-return-14732-gllmg-musl=m.gmane.org@lists.openwall.com>)
	id 1iCu98-000qHA-KO
	for gllmg-musl@m.gmane.org; Wed, 25 Sep 2019 01:23:02 +0200
Original-Received: (qmail 22398 invoked by uid 550); 24 Sep 2019 23:23:00 -0000
Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm
Precedence: bulk
List-Post: <mailto:musl@lists.openwall.com>
List-Help: <mailto:musl-help@lists.openwall.com>
List-Unsubscribe: <mailto:musl-unsubscribe@lists.openwall.com>
List-Subscribe: <mailto:musl-subscribe@lists.openwall.com>
List-ID: <musl.lists.openwall.com>
Original-Received: (qmail 22377 invoked from network); 24 Sep 2019 23:22:59 -0000
Content-Disposition: inline
In-Reply-To: <20190918124551.lsibbaouordfrddv@zen.arangodb.com>
Original-Sender: Rich Felker <dalias@aerifal.cx>
Xref: news.gmane.org gmane.linux.lib.musl.general:14716
Archived-At: <http://permalink.gmane.org/gmane.linux.lib.musl.general/14716>


--7gQyIpR7q4QSXYu+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Sep 18, 2019 at 02:45:51PM +0200, Max Neunhoeffer wrote:
> Hello,
> 
> thank you very much for the explanation. This gives me a temporary way
> to fix up our application until the bug has been fixed.

I'm adding the attached patch to musl-cross-make; it should fix the
issue adequately on the gcc side.

Rich


> On 19/09/18 11:21, Szabolcs Nagy wrote:
> > * Max Neunhoeffer <max@arangodb.com> [2019-09-18 09:19:31 +0200]:
> > > thanks for the quick response and for lobbying with the gcc folks!
> > > 
> > > Did you see the second example program in the original bug report? This
> > > seems to indicate that there might be an additional problem, since when
> > > I explicitly use `pthread_cancel` (thereby circumventing the detection
> > > problem), I get a crash when the first exception is thrown.
> > 
> > pthread_cancel does not solve the detection problem.
> > 
> > reference to pthread_cancel only helps with dynamic linking.
> > in case of static linking you have to explicitly add (strong)
> > reference to symbols that libgcc_eh.a uses:
> > 
> > pthread_cancel
> > pthread_getspecific
> > pthread_key_create
> > pthread_mutex_lock
> > pthread_mutex_unlock
> > pthread_once
> > pthread_setspecific
> > 
> > where pthread_cancel is only needed to make libgcc_eh.a call the
> > thread functions (but those are all weakrefs so will just be 0
> > at runtime unless there are other strong references to them).
> > 
> > > 
> > > Do you think this is a libgcc problem, too? Should I report this to the
> > > gcc bug tracker as well?
> > > 
> > > Cheers,
> > >   Max.
> > > 
> > > On 19/09/17 10:35, Rich Felker wrote:
> > > > On Tue, Sep 17, 2019 at 10:02:27AM -0400, Rich Felker wrote:
> > > > > On Tue, Sep 17, 2019 at 03:44:22PM +0200, Max Neunhoeffer wrote:
> > > > > > Hello,
> > > > > > 
> > > > > > I am experiencing problems when linking a large multithreaded C++ application
> > > > > > statically against libmusl. I am using Alpine Linux 3.10.1 and gcc 8.3.0
> > > > > > on X86_64. That is, I am using libmusl 1.1.22-r3 (Alpine Linux versioning)
> > > > > > and gcc 8.3.0-r0.
> > > > > > 
> > > > > > Before going into details, here is an overview:
> > > > > > 
> > > > > > 1. libgcc does not detect correctly that the application is multithreaded,
> > > > > >    since `pthread_cancel` is not linked into the executable.
> > > > > >    As a consequence, the lazy initialization of data structures for stack
> > > > > >    unwinding (FDE tables) is executed without protection of a mutex.
> > > > > >    Therefore, if the very first exception in the program happens to be
> > > > > >    thrown in two threads concurrently, the data structures can be corrupted,
> > > > > >    resulting in a busy loop after `main()` is finished.
> > > > > > 2. If I make sure that I explicitly link in `pthread_cancel` this problem
> > > > > >    is (almost certainly) gone, however, in certain scenarios this leads
> > > > > >    to a crash when the first exception is thrown.
> > > > > > 
> > > > > > I had first reported this problem to gcc as a bug against libgcc, but the
> > > > > > gcc team denies responsibility, see 
> > > > > > [this bug report](https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91737).
> > > > > 
> > > > > This is a gcc bug and needs to be fixed in libgcc.
> > > > 
> > > > I've updated the gcc tracker with more info, but I seem to lack the
> > > > ability to reopen the bug myself.
> > > > 
> > > > To add some more context, using weak references to determine if a
> > > > library is linked is a dynamic-linking-centric hack and is not
> > > > compatible with static linking. GCC has historically done this for
> > > > glibc and other systems where libpthread was a separate library to
> > > > avoid pulling in a dependency on it, but it's always been broken on
> > > > glibc with static linking too. Various distros worked around this with
> > > > horrible hacks as described in Andrew Pinski's reply to your bug
> > > > report, using binutils tricks to move the whole libpthread.a into a
> > > > single .o file so that if any of it gets linked it all gets linked.
> > > > It's possibly upstream glibc adopted this at some point; I'm not sure.
> > > > But they're in the process of moving the mutex functions to libc
> > > > instead of libpthread (and maybe even getting rid of libpthread like
> > > > musl does), so GCC's hacks here won't even provide any benefit with
> > > > future glibc versions.
> > > > 
> > > > In any case, this kind of pushback against fixes for clear bugs used
> > > > to be expected, but things have gotten a lot better with musl being
> > > > more mainstream nowadays. I think the issue will get resolved quickly
> > > > once a few more GCC developers look at it. It was actually just
> > > > reopened while I was writing this email.
> > > > 
> > > > Rich

--7gQyIpR7q4QSXYu+
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="0001-fix-gthr-weak-refs-for-libgcc.patch"

>From 51a354a0fb54165d505bfed9819c0440027312d9 Mon Sep 17 00:00:00 2001
From: Szabolcs Nagy <nsz@port70.net>
Date: Sun, 22 Sep 2019 23:04:48 +0000
Subject: [PATCH] fix gthr weak refs for libgcc

ideally gthr-posix.h should be fixed not to use weak refs for
single thread detection by default since that's unsafe.

currently we have to opt out explicitly from the unsafe behaviour
in the configure machinery of each target lib that uses gthr and
musl missed libgcc previously.

related bugs and discussions
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=78017
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87189
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=91737
https://sourceware.org/bugzilla/show_bug.cgi?id=5784
https://sourceware.org/ml/libc-alpha/2012-09/msg00192.html
https://sourceware.org/ml/libc-alpha/2019-08/msg00438.html
---
 libgcc/config.host          | 7 +++++++
 libgcc/config/t-gthr-noweak | 2 ++
 2 files changed, 9 insertions(+)
 create mode 100644 libgcc/config/t-gthr-noweak

diff --git a/libgcc/config.host b/libgcc/config.host
index 122113fc519..fe1b9ab93d5 100644
--- a/libgcc/config.host
+++ b/libgcc/config.host
@@ -1500,3 +1500,10 @@ aarch64*-*-*)
 	tm_file="${tm_file} aarch64/value-unwind.h"
 	;;
 esac
+
+case ${host} in
+*-*-musl*)
+  # The gthr weak references are unsafe with static linking
+  tmake_file="$tmake_file t-gthr-noweak"
+  ;;
+esac
diff --git a/libgcc/config/t-gthr-noweak b/libgcc/config/t-gthr-noweak
new file mode 100644
index 00000000000..45a21e9361d
--- /dev/null
+++ b/libgcc/config/t-gthr-noweak
@@ -0,0 +1,2 @@
+# Don't use weak references for single-thread detection
+HOST_LIBGCC2_CFLAGS += -DGTHREAD_USE_WEAK=0
-- 
2.17.1


--7gQyIpR7q4QSXYu+--